"For the past decade or so, courts have disagreed over the scope
of the Computer Fraud and Abuse Act," Stephanie Green and
Christine Neylon O'Brien wrote in their paper. "Some courts have
found that an employee who violates a workplace policy, breaches
a contract, or breaches a duty of loyalty to his employer may be
both civilly and criminally liable under this Act."

The law was passed in 1986 as a way to fight hackers targeting
government computers. The law came on the heels of paranoia
spurred in part by the Matthew Broderick movie
"War Games."

However, the act makes it illegal to knowingly exceed
any authorized use of a computer, meaning if your company
doesn't explicitly allow you to use Facebook, you've essentially
broken the law.

The Ninth Circuit court of Appeals recently ruled in United
States v. Nosal that it wasn't a violation of the
act to circumvent corporate computer access policies.

However, that decision contradicted rulings issued by various
other federal appeals courts, meaning the uncertainty still
stands.

So, according to the paper that was
first brought to our attention yesterday by Workplace Prof
Blog, while online shopping at work might not seem like a big
deal, it could actually be considered a criminal activity until
the courts reach a unanimous conclusion about the ambiguous act.